diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 4498db46d286..40209049f7a3 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -4396,6 +4396,12 @@
 githubId = 27668;
 name = "Tobias Pflug";
 };
+ gin66 = {
+ email = "jochen@kiemes.de";
+ github = "gin66";
+ githubId = 5549373;
+ name = "Jochen Kiemes";
+ };
 giogadi = {
 email = "lgtorres42@gmail.com";
 github = "giogadi";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 28724d1e85d3..cbc650249127 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -914,6 +914,7 @@
 ./services/networking/vsftpd.nix
 ./services/networking/wasabibackend.nix
 ./services/networking/websockify.nix
+ ./services/networking/wg-netmanager.nix
 ./services/networking/wg-quick.nix
 ./services/networking/wireguard.nix
 ./services/networking/wpa_supplicant.nix
diff --git a/nixos/modules/services/networking/wg-netmanager.nix b/nixos/modules/services/networking/wg-netmanager.nix
new file mode 100644
index 000000000000..493ff7ceba9f
--- /dev/null
+++ b/nixos/modules/services/networking/wg-netmanager.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.wg-netmanager;
+in
+{
+
+ options = {
+ services.wg-netmanager = {
+ enable = mkEnableOption "Wireguard network manager";
+ };
+ };
+
+ ###### implementation
+ config = mkIf cfg.enable {
+ # NOTE: wg-netmanager runs as root
+ systemd.services.wg-netmanager = {
+ description = "Wireguard network manager";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = with pkgs; [ wireguard-tools iproute2 wireguard-go ];
+ serviceConfig = {
+ Type = "simple";
+ Restart = "on-failure";
+ ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+ ReadWritePaths = [
+ "/tmp" # wg-netmanager creates files in /tmp before deleting them after use
+ ];
+ };
+ unitConfig = {
+ ConditionPathExists = ["/etc/wg_netmanager/network.yaml" "/etc/wg_netmanager/peer.yaml"];
+ };
+ };
+ };
+
+ meta.maintainers = with maintainers; [ gin66 ];
+}
diff --git a/pkgs/tools/networking/wg-netmanager/default.nix b/pkgs/tools/networking/wg-netmanager/default.nix
new file mode 100644
index 000000000000..1392934564eb
--- /dev/null
+++ b/pkgs/tools/networking/wg-netmanager/default.nix
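Review bot: `ReadWritePaths = [ "/tmp" ]` in serviceConfig has no effect in this unit, because that directive only re-opens paths inside a read-only view created by `ProtectSystem=` or `ReadOnlyPaths=`, and neither is set, so the root process can already write everywhere. Given the inline comment that the /tmp files are scratch files deleted after use, `PrivateTmp = true;` is the setting that matches the stated intent and keeps those files out of the world-shared /tmp, unless another process is meant to read them, which this hunk cannot show. `ExecStop` sends the same SIGHUP that `ExecReload` uses, and per systemd.service(5) the remaining processes receive `KillSignal` (SIGTERM by default) as soon as that `kill` command exits, so the line is redundant at best and at worst starts a reload that SIGTERM interrupts; it should be removed. `ConditionPathExists` requires /etc/wg_netmanager/network.yaml and peer.yaml but no option in the module writes them, so the enable description should say the administrator supplies those files, e.g. `mkEnableOption "Wireguard network manager (expects /etc/wg_netmanager/network.yaml and peer.yaml to be provided)"`.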
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin, wireguard-go, Security }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "wg-netmanager";
+ version = "0.4.1";
+
+ src = fetchFromGitHub {
+ owner = "gin66";
+ repo = "wg_netmanager";
+ rev = "wg_netmanager-v${version}";
+ sha256 = "AAtSSBz2zGLIEpcEMbe1mfYZikiaYEI+6KeSL5n54PE=";
+ };
+
+ cargoSha256 = "17k83QkQDq5uRCRADRLD2Q7pv7yES20lpms/N/UK+BM=";
+
+ buildInputs = lib.optional stdenv.isDarwin Security;
+
+ # Test 01 tries to create a wireguard interface, which requires sudo.
+ doCheck = true;
+ checkFlags = "--skip device";
+
+ meta = with lib; {
+ description = "Wireguard network manager";
+ longDescription = "Wireguard network manager, written in rust, simplifies the setup of wireguard nodes, identifies short connections between nodes residing in the same subnet, identifies unreachable aka dead nodes and maintains the routes between all nodes automatically. To achieve this, wireguard network manager needs to be running on each node.";
+ homepage = "https://github.com/gin66/wg_netmanager";
+ license = with licenses; [ mit asl20 bsd3 mpl20 ];
+ maintainers = with maintainers; [ gin66 ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7c818f1b6e06..c806af25e885 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10937,6 +10937,10 @@ with pkgs;
 wg-friendly-peer-names = callPackage ../tools/networking/wg-friendly-peer-names { };
+ wg-netmanager = callPackage ../tools/networking/wg-netmanager {
+ inherit (darwin.apple_sdk.frameworks) Security;
+ };
+
 woff2 = callPackage ../development/web/woff2 { };
 woof = callPackage ../tools/misc/woof { };
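Review bot: The comment above `doCheck` speaks of "Test 01" while the filter passed is `--skip device`, so a reader cannot connect the two; rewrite it as `# The "device" test creates a wireguard interface, which needs root; skip it.` and drop `doCheck = true;`, which is already the default. `darwin` and `wireguard-go` are accepted as arguments but never used in the expression, and `buildInputs = lib.optional stdenv.isDarwin Security;` cannot take effect while `platforms = platforms.linux;`, so either remove the Darwin plumbing here and in the all-packages.nix hunk or widen `platforms`. `checkFlags` is conventionally given as a list, `checkFlags = [ "--skip" "device" ];`. Nothing in the derivation pins the `wg`/`ip` tools the binary presumably execs at runtime (the NixOS module hunk supplies them through `path`), so outside that module the program would depend on the caller's PATH; if that is the case, wrapping the binary with `makeWrapper` would make the package self-contained.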